SFLOW: Fix bounds checking
1 /*
2 * Copyright (c) 1998-2007 The TCPDUMP project
3 *
4 * Redistribution and use in source and binary forms, with or without
5 * modification, are permitted provided that: (1) source code
6 * distributions retain the above copyright notice and this paragraph
7 * in its entirety, and (2) distributions including binary code include
8 * the above copyright notice and this paragraph in its entirety in
9 * the documentation or other materials provided with the distribution.
10 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND
11 * WITHOUT ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, WITHOUT
12 * LIMITATION, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
13 * FOR A PARTICULAR PURPOSE.
14 *
15 * The SFLOW protocol as per http://www.sflow.org/developers/specifications.php
16 *
17 * Original code by Carles Kishimoto <carles.kishimoto@gmail.com>
18 *
19 * Expansion and refactoring by Rick Jones <rick.jones2@hp.com>
20 */
21
/* RCS identification string for this file; left out when `lint` is defined. */
#ifndef lint
static const char rcsid[] _U_ =
    "@(#) $Header: /tcpdump/master/tcpdump/print-sflow.c,v 1.1 2007-08-08 17:20:58 hannes Exp $";
#endif
26
27 #ifdef HAVE_CONFIG_H
28 #include "config.h"
29 #endif
30
31 #include <tcpdump-stdinc.h>
32
33 #include <stdio.h>
34 #include <stdlib.h>
35 #include <string.h>
36
37 #include "interface.h"
38 #include "extract.h"
39 #include "addrtoname.h"
40
41 /*
42 * sFlow datagram
43 *
44 * 0 1 2 3
45 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
46 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
47 * | Sflow version (2,4,5) |
48 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
49 * | IP version (1 for IPv4 | 2 for IPv6) |
50 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
51 * | IP Address AGENT (4 or 16 bytes) |
52 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
53 * | Sub agent ID |
54 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
55 * | Datagram sequence number |
56 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
57 * | Switch uptime in ms |
58 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
59 * | num samples in datagram |
60 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
61 *
62 */
63
/*
 * Fixed-size overlay for the sFlow datagram header drawn above. Every field
 * is a raw byte array that the decoders read with EXTRACT_32BITS().
 */
struct sflow_datagram_t {
    u_int8_t version[4];
    u_int8_t ip_version[4];
    /*
     * NOTE(review): the diagram above gives the agent address as 4 or 16
     * bytes, but only 4 are reserved here, so the fields that follow line
     * up only when the agent address is IPv4.
     */
    u_int8_t agent[4];
    u_int8_t agent_id[4];
    u_int8_t seqnum[4];
    u_int8_t uptime[4];
    u_int8_t samples[4];   /* number of samples that follow the header */
};
73
/*
 * Header in front of every sample. sflow_print() takes the sample type from
 * the low 12 bits of format and treats len as the byte length of the sample
 * body that follows this header.
 */
struct sflow_sample_header {
    u_int8_t format[4];
    u_int8_t len[4];
};
78
/* Sample types, compared against the masked format word in sflow_print(). */
#define SFLOW_FLOW_SAMPLE 1
#define SFLOW_COUNTER_SAMPLE 2
#define SFLOW_EXPANDED_FLOW_SAMPLE 3
#define SFLOW_EXPANDED_COUNTER_SAMPLE 4

/* Printable names for the sample types; terminated by a NULL name for tok2str(). */
static const struct tok sflow_format_values[] = {
    { SFLOW_FLOW_SAMPLE, "flow sample" },
    { SFLOW_COUNTER_SAMPLE, "counter sample" },
    { SFLOW_EXPANDED_FLOW_SAMPLE, "expanded flow sample" },
    { SFLOW_EXPANDED_COUNTER_SAMPLE, "expanded counter sample" },
    { 0, NULL}
};
91
/*
 * Fixed part of a (compact) flow sample; the flow records follow it.
 * typesource packs the source type and index into one word, which
 * sflow_print_flow_sample() splits apart.
 */
struct sflow_flow_sample_t {
    u_int8_t seqnum[4];
    u_int8_t typesource[4];
    u_int8_t rate[4];
    u_int8_t pool[4];
    u_int8_t drops[4];
    u_int8_t in_interface[4];
    u_int8_t out_interface[4];
    u_int8_t records[4];    /* number of flow records after this structure */

};
103
/*
 * Fixed part of an expanded flow sample: the source type and index each get
 * their own word, and each interface is a format/value pair. The flow
 * records follow this structure.
 */
struct sflow_expanded_flow_sample_t {
    u_int8_t seqnum[4];
    u_int8_t type[4];
    u_int8_t index[4];
    u_int8_t rate[4];
    u_int8_t pool[4];
    u_int8_t drops[4];
    u_int8_t in_interface_format[4];
    u_int8_t in_interface_value[4];
    u_int8_t out_interface_format[4];
    u_int8_t out_interface_value[4];
    u_int8_t records[4];    /* number of flow records after this structure */
};
117
/*
 * Flow record formats, switched on in sflow_print_flow_records() when the
 * record's enterprise number is 0.
 */
#define SFLOW_FLOW_RAW_PACKET 1
#define SFLOW_FLOW_ETHERNET_FRAME 2
#define SFLOW_FLOW_IPV4_DATA 3
#define SFLOW_FLOW_IPV6_DATA 4
#define SFLOW_FLOW_EXTENDED_SWITCH_DATA 1001
#define SFLOW_FLOW_EXTENDED_ROUTER_DATA 1002
#define SFLOW_FLOW_EXTENDED_GATEWAY_DATA 1003
#define SFLOW_FLOW_EXTENDED_USER_DATA 1004
#define SFLOW_FLOW_EXTENDED_URL_DATA 1005
#define SFLOW_FLOW_EXTENDED_MPLS_DATA 1006
#define SFLOW_FLOW_EXTENDED_NAT_DATA 1007
#define SFLOW_FLOW_EXTENDED_MPLS_TUNNEL 1008
#define SFLOW_FLOW_EXTENDED_MPLS_VC 1009
#define SFLOW_FLOW_EXTENDED_MPLS_FEC 1010
#define SFLOW_FLOW_EXTENDED_MPLS_LVP_FEC 1011
#define SFLOW_FLOW_EXTENDED_VLAN_TUNNEL 1012

/* Printable names for the flow record formats; terminated by a NULL name for tok2str(). */
static const struct tok sflow_flow_type_values[] = {
    { SFLOW_FLOW_RAW_PACKET, "Raw packet"},
    { SFLOW_FLOW_ETHERNET_FRAME, "Ethernet frame"},
    { SFLOW_FLOW_IPV4_DATA, "IPv4 Data"},
    { SFLOW_FLOW_IPV6_DATA, "IPv6 Data"},
    { SFLOW_FLOW_EXTENDED_SWITCH_DATA, "Extended Switch data"},
    { SFLOW_FLOW_EXTENDED_ROUTER_DATA, "Extended Router data"},
    { SFLOW_FLOW_EXTENDED_GATEWAY_DATA, "Extended Gateway data"},
    { SFLOW_FLOW_EXTENDED_USER_DATA, "Extended User data"},
    { SFLOW_FLOW_EXTENDED_URL_DATA, "Extended URL data"},
    { SFLOW_FLOW_EXTENDED_MPLS_DATA, "Extended MPLS data"},
    { SFLOW_FLOW_EXTENDED_NAT_DATA, "Extended NAT data"},
    { SFLOW_FLOW_EXTENDED_MPLS_TUNNEL, "Extended MPLS tunnel"},
    { SFLOW_FLOW_EXTENDED_MPLS_VC, "Extended MPLS VC"},
    { SFLOW_FLOW_EXTENDED_MPLS_FEC, "Extended MPLS FEC"},
    { SFLOW_FLOW_EXTENDED_MPLS_LVP_FEC, "Extended MPLS LVP FEC"},
    { SFLOW_FLOW_EXTENDED_VLAN_TUNNEL, "Extended VLAN Tunnel"},
    { 0, NULL}
};
154
/* Values of the protocol field in a raw packet flow record. */
#define SFLOW_HEADER_PROTOCOL_ETHERNET 1
#define SFLOW_HEADER_PROTOCOL_IPV4 11
#define SFLOW_HEADER_PROTOCOL_IPV6 12

/* Printable names for those protocols, used by print_sflow_raw_packet(). */
static const struct tok sflow_flow_raw_protocol_values[] = {
    { SFLOW_HEADER_PROTOCOL_ETHERNET, "Ethernet"},
    { SFLOW_HEADER_PROTOCOL_IPV4, "IPv4"},
    { SFLOW_HEADER_PROTOCOL_IPV6, "IPv6"},
    { 0, NULL}
};
165
/*
 * Fixed part of a raw packet flow record, printed by
 * print_sflow_raw_packet(). The sampled header bytes themselves are not
 * part of this structure and are not decoded in this file.
 */
struct sflow_expanded_flow_raw_t {
    u_int8_t protocol[4];
    u_int8_t length[4];
    u_int8_t stripped_bytes[4];
    u_int8_t header_size[4];
};
172
/*
 * Ethernet frame flow record. print_sflow_ethernet_frame() prints only
 * length and type.
 */
struct sflow_ethernet_frame_t {
    u_int8_t length[4];
    /* presumably 6-byte MAC addresses padded to 8 bytes - TODO confirm against the spec */
    u_int8_t src_mac[8];
    u_int8_t dst_mac[8];
    u_int8_t type[4];
};
179
/* Extended switch data flow record: source and destination VLAN and priority. */
struct sflow_extended_switch_data_t {
    u_int8_t src_vlan[4];
    u_int8_t src_pri[4];
    u_int8_t dst_vlan[4];
    u_int8_t dst_pri[4];
};
186
/*
 * Header in front of each counter record. format carries the enterprise
 * number and the record type in one word; length is the byte length of the
 * record body and comes straight from the packet.
 */
struct sflow_counter_record_t {
    u_int8_t format[4];
    u_int8_t length[4];
};

/* Header in front of each flow record; same layout as the counter record header. */
struct sflow_flow_record_t {
    u_int8_t format[4];
    u_int8_t length[4];
};
196
/*
 * Fixed part of a (compact) counter sample; typesource packs the source
 * type and index into one word. The counter records follow.
 */
struct sflow_counter_sample_t {
    u_int8_t seqnum[4];
    u_int8_t typesource[4];
    u_int8_t records[4];    /* number of counter records after this structure */
};

/* Fixed part of an expanded counter sample: type and index get a word each. */
struct sflow_expanded_counter_sample_t {
    u_int8_t seqnum[4];
    u_int8_t type[4];
    u_int8_t index[4];
    u_int8_t records[4];    /* number of counter records after this structure */
};
209
/*
 * Counter record formats, switched on in sflow_print_counter_records() when
 * the record's enterprise number is 0.
 */
#define SFLOW_COUNTER_GENERIC 1
#define SFLOW_COUNTER_ETHERNET 2
#define SFLOW_COUNTER_TOKEN_RING 3
#define SFLOW_COUNTER_BASEVG 4
#define SFLOW_COUNTER_VLAN 5
#define SFLOW_COUNTER_PROCESSOR 1001

/* Printable names for the counter record formats; terminated by a NULL name for tok2str(). */
static const struct tok sflow_counter_type_values[] = {
    { SFLOW_COUNTER_GENERIC, "Generic counter"},
    { SFLOW_COUNTER_ETHERNET, "Ethernet counter"},
    { SFLOW_COUNTER_TOKEN_RING, "Token ring counter"},
    { SFLOW_COUNTER_BASEVG, "100 BaseVG counter"},
    { SFLOW_COUNTER_VLAN, "Vlan counter"},
    { SFLOW_COUNTER_PROCESSOR, "Processor counter"},
    { 0, NULL}
};
226
/* Values of the ifdirection field in a generic interface counter record. */
#define SFLOW_IFACE_DIRECTION_UNKNOWN 0
#define SFLOW_IFACE_DIRECTION_FULLDUPLEX 1
#define SFLOW_IFACE_DIRECTION_HALFDUPLEX 2
#define SFLOW_IFACE_DIRECTION_IN 3
#define SFLOW_IFACE_DIRECTION_OUT 4

/* Printable names for ifdirection, used by print_sflow_counter_generic(). */
static const struct tok sflow_iface_direction_values[] = {
    { SFLOW_IFACE_DIRECTION_UNKNOWN, "unknown"},
    { SFLOW_IFACE_DIRECTION_FULLDUPLEX, "full-duplex"},
    { SFLOW_IFACE_DIRECTION_HALFDUPLEX, "half-duplex"},
    { SFLOW_IFACE_DIRECTION_IN, "in"},
    { SFLOW_IFACE_DIRECTION_OUT, "out"},
    { 0, NULL}
};
241
/*
 * Generic interface counter record. The 8-byte fields are read with
 * EXTRACT_64BITS(), the 4-byte fields with EXTRACT_32BITS().
 */
struct sflow_generic_counter_t {
    u_int8_t ifindex[4];
    u_int8_t iftype[4];
    u_int8_t ifspeed[8];
    u_int8_t ifdirection[4];
    u_int8_t ifstatus[4];      /* bit 0 printed as admin status, bit 1 as oper status */
    u_int8_t ifinoctets[8];
    u_int8_t ifinunicastpkts[4];
    u_int8_t ifinmulticastpkts[4];
    u_int8_t ifinbroadcastpkts[4];
    u_int8_t ifindiscards[4];
    u_int8_t ifinerrors[4];
    u_int8_t ifinunkownprotos[4];
    u_int8_t ifoutoctets[8];
    u_int8_t ifoutunicastpkts[4];
    u_int8_t ifoutmulticastpkts[4];
    u_int8_t ifoutbroadcastpkts[4];
    u_int8_t ifoutdiscards[4];
    u_int8_t ifouterrors[4];
    u_int8_t ifpromiscmode[4];
};
263
/* Ethernet interface counter record; thirteen 32-bit counters. */
struct sflow_ethernet_counter_t {
    u_int8_t alignerrors[4];
    u_int8_t fcserrors[4];
    u_int8_t single_collision_frames[4];
    u_int8_t multiple_collision_frames[4];
    u_int8_t test_errors[4];
    u_int8_t deferred_transmissions[4];
    u_int8_t late_collisions[4];
    u_int8_t excessive_collisions[4];
    u_int8_t mac_transmit_errors[4];
    u_int8_t carrier_sense_errors[4];
    u_int8_t frame_too_longs[4];
    u_int8_t mac_receive_errors[4];
    u_int8_t symbol_errors[4];
};
279
/* 100 BaseVG interface counter record; octet counters are 64 bits wide. */
struct sflow_100basevg_counter_t {
    u_int8_t in_highpriority_frames[4];
    u_int8_t in_highpriority_octets[8];
    u_int8_t in_normpriority_frames[4];
    u_int8_t in_normpriority_octets[8];
    u_int8_t in_ipmerrors[4];
    u_int8_t in_oversized[4];
    u_int8_t in_data_errors[4];
    u_int8_t in_null_addressed_frames[4];
    u_int8_t out_highpriority_frames[4];
    u_int8_t out_highpriority_octets[8];
    u_int8_t transitioninto_frames[4];
    u_int8_t hc_in_highpriority_octets[8];
    u_int8_t hc_in_normpriority_octets[8];
    u_int8_t hc_out_highpriority_octets[8];
};
296
/* VLAN counter record. */
struct sflow_vlan_counter_t {
    u_int8_t vlan_id[4];
    u_int8_t octets[8];
    u_int8_t unicast_pkt[4];
    u_int8_t multicast_pkt[4];
    u_int8_t broadcast_pkt[4];
    u_int8_t discards[4];
};
305
/*
 * Decode and print a generic interface counter record.
 *
 * pointer - first byte of the record body
 * len     - number of bytes the caller says are left at pointer
 *
 * Returns 0 after printing, 1 when len is smaller than the fixed-size
 * record or when the TCHECK() test on the structure fails (trunc path).
 */
static int
print_sflow_counter_generic(const u_char *pointer, u_int len) {

    const struct sflow_generic_counter_t *gen =
        (const struct sflow_generic_counter_t *)pointer;
    u_int direction;
    u_int status;

    /* The declared length must cover the whole fixed-size structure. */
    if (len < sizeof(*gen))
        return 1;

    /* Nothing is read from the packet until the structure passes TCHECK(). */
    TCHECK(*gen);

    direction = EXTRACT_32BITS(gen->ifdirection);
    status = EXTRACT_32BITS(gen->ifstatus);

    printf("\n\t ifindex %u, iftype %u, ifspeed %" PRIu64 ", ifdirection %u (%s)",
           EXTRACT_32BITS(gen->ifindex),
           EXTRACT_32BITS(gen->iftype),
           EXTRACT_64BITS(gen->ifspeed),
           direction,
           tok2str(sflow_iface_direction_values, "Unknown", direction));

    /* Bit 0 of ifstatus is shown as the admin state, bit 1 as the oper state. */
    printf("\n\t ifstatus %u, adminstatus: %s, operstatus: %s",
           status,
           (status & 1) ? "up" : "down",
           ((status >> 1) & 1) ? "up" : "down");

    printf("\n\t In octets %" PRIu64
           ", unicast pkts %u, multicast pkts %u, broadcast pkts %u, discards %u",
           EXTRACT_64BITS(gen->ifinoctets),
           EXTRACT_32BITS(gen->ifinunicastpkts),
           EXTRACT_32BITS(gen->ifinmulticastpkts),
           EXTRACT_32BITS(gen->ifinbroadcastpkts),
           EXTRACT_32BITS(gen->ifindiscards));
    printf("\n\t In errors %u, unknown protos %u",
           EXTRACT_32BITS(gen->ifinerrors),
           EXTRACT_32BITS(gen->ifinunkownprotos));

    printf("\n\t Out octets %" PRIu64
           ", unicast pkts %u, multicast pkts %u, broadcast pkts %u, discards %u",
           EXTRACT_64BITS(gen->ifoutoctets),
           EXTRACT_32BITS(gen->ifoutunicastpkts),
           EXTRACT_32BITS(gen->ifoutmulticastpkts),
           EXTRACT_32BITS(gen->ifoutbroadcastpkts),
           EXTRACT_32BITS(gen->ifoutdiscards));
    printf("\n\t Out errors %u, promisc mode %u",
           EXTRACT_32BITS(gen->ifouterrors),
           EXTRACT_32BITS(gen->ifpromiscmode));

    return 0;

trunc:
    return 1;
}
353
/*
 * Decode and print an Ethernet interface counter record.
 *
 * pointer - first byte of the record body
 * len     - number of bytes the caller says are left at pointer
 *
 * Returns 0 after printing, 1 when len is smaller than the fixed-size
 * record or when the TCHECK() test on the structure fails (trunc path).
 */
static int
print_sflow_counter_ethernet(const u_char *pointer, u_int len){

    const struct sflow_ethernet_counter_t *eth =
        (const struct sflow_ethernet_counter_t *)pointer;

    /* The declared length must cover the whole fixed-size structure. */
    if (len < sizeof(*eth))
        return 1;

    /* Nothing is read from the packet until the structure passes TCHECK(). */
    TCHECK(*eth);

    printf("\n\t align errors %u, fcs errors %u, single collision %u, multiple collision %u, test error %u",
           EXTRACT_32BITS(eth->alignerrors),
           EXTRACT_32BITS(eth->fcserrors),
           EXTRACT_32BITS(eth->single_collision_frames),
           EXTRACT_32BITS(eth->multiple_collision_frames),
           EXTRACT_32BITS(eth->test_errors));
    printf("\n\t deferred %u, late collision %u, excessive collision %u, mac trans error %u",
           EXTRACT_32BITS(eth->deferred_transmissions),
           EXTRACT_32BITS(eth->late_collisions),
           EXTRACT_32BITS(eth->excessive_collisions),
           EXTRACT_32BITS(eth->mac_transmit_errors));
    printf("\n\t carrier error %u, frames too long %u, mac receive errors %u, symbol errors %u",
           EXTRACT_32BITS(eth->carrier_sense_errors),
           EXTRACT_32BITS(eth->frame_too_longs),
           EXTRACT_32BITS(eth->mac_receive_errors),
           EXTRACT_32BITS(eth->symbol_errors));

    return 0;

trunc:
    return 1;
}
386
/*
 * Placeholder for Token Ring counter records: nothing is decoded or
 * printed, and neither argument is examined.
 *
 * Always returns 0, so the caller simply steps over the record body.
 */
static int
print_sflow_counter_token_ring(const u_char *pointer _U_, u_int len _U_)
{
    return 0;
}
392
/*
 * Decode and print a 100 BaseVG interface counter record.
 *
 * pointer - first byte of the record body
 * len     - number of bytes the caller says are left at pointer
 *
 * Returns 0 after printing, 1 when len is smaller than the fixed-size
 * record or when the TCHECK() test on the structure fails (trunc path).
 */
static int
print_sflow_counter_basevg(const u_char *pointer, u_int len) {

    const struct sflow_100basevg_counter_t *vg =
        (const struct sflow_100basevg_counter_t *)pointer;

    /* The declared length must cover the whole fixed-size structure. */
    if (len < sizeof(*vg))
        return 1;

    /* Nothing is read from the packet until the structure passes TCHECK(). */
    TCHECK(*vg);

    printf("\n\t in high prio frames %u, in high prio octets %" PRIu64,
           EXTRACT_32BITS(vg->in_highpriority_frames),
           EXTRACT_64BITS(vg->in_highpriority_octets));
    printf("\n\t in norm prio frames %u, in norm prio octets %" PRIu64,
           EXTRACT_32BITS(vg->in_normpriority_frames),
           EXTRACT_64BITS(vg->in_normpriority_octets));
    printf("\n\t in ipm errors %u, oversized %u, in data errors %u, null addressed frames %u",
           EXTRACT_32BITS(vg->in_ipmerrors),
           EXTRACT_32BITS(vg->in_oversized),
           EXTRACT_32BITS(vg->in_data_errors),
           EXTRACT_32BITS(vg->in_null_addressed_frames));
    printf("\n\t out high prio frames %u, out high prio octets %" PRIu64
           ", trans into frames %u",
           EXTRACT_32BITS(vg->out_highpriority_frames),
           EXTRACT_64BITS(vg->out_highpriority_octets),
           EXTRACT_32BITS(vg->transitioninto_frames));
    printf("\n\t in hc high prio octets %" PRIu64
           ", in hc norm prio octets %" PRIu64
           ", out hc high prio octets %" PRIu64,
           EXTRACT_64BITS(vg->hc_in_highpriority_octets),
           EXTRACT_64BITS(vg->hc_in_normpriority_octets),
           EXTRACT_64BITS(vg->hc_out_highpriority_octets));

    return 0;

trunc:
    return 1;
}
431
/*
 * Decode and print a VLAN counter record.
 *
 * pointer - first byte of the record body
 * len     - number of bytes the caller says are left at pointer
 *
 * Returns 0 after printing, 1 when len is smaller than the fixed-size
 * record or when the TCHECK() test on the structure fails (trunc path).
 */
static int
print_sflow_counter_vlan(const u_char *pointer, u_int len) {

    const struct sflow_vlan_counter_t *vlan =
        (const struct sflow_vlan_counter_t *)pointer;

    /* The declared length must cover the whole fixed-size structure. */
    if (len < sizeof(*vlan))
        return 1;

    /* Nothing is read from the packet until the structure passes TCHECK(). */
    TCHECK(*vlan);

    printf("\n\t vlan_id %u, octets %" PRIu64
           ", unicast_pkt %u, multicast_pkt %u, broadcast_pkt %u, discards %u",
           EXTRACT_32BITS(vlan->vlan_id),
           EXTRACT_64BITS(vlan->octets),
           EXTRACT_32BITS(vlan->unicast_pkt),
           EXTRACT_32BITS(vlan->multicast_pkt),
           EXTRACT_32BITS(vlan->broadcast_pkt),
           EXTRACT_32BITS(vlan->discards));

    return 0;

trunc:
    return 1;
}
456
/* Processor counter record: three utilisation words and two 64-bit memory sizes. */
struct sflow_processor_counter_t {
    u_int8_t five_sec_util[4];
    u_int8_t one_min_util[4];
    u_int8_t five_min_util[4];
    u_int8_t total_memory[8];
    u_int8_t free_memory[8];
};
464
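/*
 * Decode and print a processor counter record.
 *
 * pointer - first byte of the record body
 * len     - number of bytes the caller says are left at pointer
 *
 * Returns 0 after printing, 1 when len is smaller than the fixed-size
 * record or when the TCHECK() test on the structure fails (trunc path).
 */
static int
print_sflow_counter_processor(const u_char *pointer, u_int len) {

    const struct sflow_processor_counter_t *sflow_processor_counter;

    /* The declared length must cover the whole fixed-size structure. */
    if (len < sizeof(struct sflow_processor_counter_t))
        return 1;

    sflow_processor_counter = (const struct sflow_processor_counter_t *)pointer;
    /* Nothing is read from the packet until the structure passes TCHECK(). */
    TCHECK(*sflow_processor_counter);

    /*
     * The last value is the free_memory field, so it is labelled free_mem;
     * labelling both memory values total_mem made the output ambiguous.
     */
    printf("\n\t 5sec %u, 1min %u, 5min %u, total_mem %" PRIu64
           ", free_mem %" PRIu64,
           EXTRACT_32BITS(sflow_processor_counter->five_sec_util),
           EXTRACT_32BITS(sflow_processor_counter->one_min_util),
           EXTRACT_32BITS(sflow_processor_counter->five_min_util),
           EXTRACT_64BITS(sflow_processor_counter->total_memory),
           EXTRACT_64BITS(sflow_processor_counter->free_memory));

    return 0;

trunc:
    return 1;
}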
488
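/*
 * Walk and print the counter records of one counter sample.
 *
 * pointer - first counter record header
 * len     - number of bytes the caller says are left at pointer
 * records - record count taken from the sample header (packet-supplied)
 *
 * Returns 0 when all records were printed, 1 when a declared length does
 * not fit in what is left, a sub-decoder reports failure, or a TCHECK()
 * test fails (trunc path).
 */
static int
sflow_print_counter_records(const u_char *pointer, u_int len, u_int records) {

    u_int nrecords;
    const u_char *tptr;
    u_int tlen;
    u_int counter_type;
    u_int counter_len;
    u_int enterprise;
    const struct sflow_counter_record_t *sflow_counter_record;

    nrecords = records;
    tptr = pointer;
    tlen = len;

    while (nrecords > 0) {
        /* do we have the "header?" */
        if (tlen < sizeof(struct sflow_counter_record_t))
            return 1;
        sflow_counter_record = (const struct sflow_counter_record_t *)tptr;
        TCHECK(*sflow_counter_record);

        /*
         * The format word is a 20-bit enterprise number above a 12-bit
         * record type. Shift by 12, as sflow_print_flow_records() does;
         * shifting by 20 dropped the low 8 enterprise bits, so records from
         * enterprises 1..255 were decoded as standard (enterprise 0) ones.
         */
        enterprise = EXTRACT_32BITS(sflow_counter_record->format);
        counter_type = enterprise & 0x0FFF;
        enterprise = enterprise >> 12;
        counter_len = EXTRACT_32BITS(sflow_counter_record->length);
        printf("\n\t enterprise %u, %s (%u) length %u",
               enterprise,
               (enterprise == 0) ? tok2str(sflow_counter_type_values,"Unknown",counter_type) : "Unknown",
               counter_type,
               counter_len);

        /* tlen >= header size was checked above, so this cannot wrap. */
        tptr += sizeof(struct sflow_counter_record_t);
        tlen -= sizeof(struct sflow_counter_record_t);

        /* counter_len is untrusted; it must fit in what is left. */
        if (tlen < counter_len)
            return 1;
        if (enterprise == 0) {
            /*
             * NOTE(review): the sub-decoders are handed tlen (everything
             * left) rather than counter_len, so a record whose declared
             * length is shorter than its structure is still decoded from
             * the bytes that follow it.
             */
            switch (counter_type) {
            case SFLOW_COUNTER_GENERIC:
                if (print_sflow_counter_generic(tptr,tlen))
                    return 1;
                break;
            case SFLOW_COUNTER_ETHERNET:
                if (print_sflow_counter_ethernet(tptr,tlen))
                    return 1;
                break;
            case SFLOW_COUNTER_TOKEN_RING:
                if (print_sflow_counter_token_ring(tptr,tlen))
                    return 1;
                break;
            case SFLOW_COUNTER_BASEVG:
                if (print_sflow_counter_basevg(tptr,tlen))
                    return 1;
                break;
            case SFLOW_COUNTER_VLAN:
                if (print_sflow_counter_vlan(tptr,tlen))
                    return 1;
                break;
            case SFLOW_COUNTER_PROCESSOR:
                if (print_sflow_counter_processor(tptr,tlen))
                    return 1;
                break;
            default:
                /*
                 * NOTE(review): counter_len was compared with tlen only;
                 * no TCHECK covers these bytes in this function, so this
                 * depends on the caller or on print_unknown_data() to stay
                 * inside the captured data - confirm.
                 */
                if (vflag <= 1)
                    print_unknown_data(tptr, "\n\t\t", counter_len);
                break;
            }
        }
        tptr += counter_len;
        tlen -= counter_len;
        nrecords--;

    }

    return 0;

trunc:
    return 1;
}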
569
570
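/*
 * Print the fixed part of a (compact) counter sample, then its records.
 *
 * pointer - first byte of the sample body
 * len     - number of bytes the caller says are left at pointer
 *
 * Returns 0 on success, 1 when len is smaller than the fixed part, the
 * TCHECK() test fails, or sflow_print_counter_records() reports failure.
 */
static int
sflow_print_counter_sample(const u_char *pointer, u_int len) {

    const struct sflow_counter_sample_t *sflow_counter_sample;
    u_int nrecords;
    u_int typesource;
    u_int type;
    u_int index;

    /* Guard the subtraction below: len must cover the fixed part. */
    if (len < sizeof(struct sflow_counter_sample_t))
        return 1;

    sflow_counter_sample = (const struct sflow_counter_sample_t *)pointer;
    TCHECK(*sflow_counter_sample);

    typesource = EXTRACT_32BITS(sflow_counter_sample->typesource);
    nrecords = EXTRACT_32BITS(sflow_counter_sample->records);
    /*
     * sFlow v5 source_id: the top byte is the source type and the lower
     * three bytes are the index, so keep all 24 index bits (a 12-bit mask
     * truncates any index above 4095).
     */
    type = typesource >> 24;
    index = typesource & 0x00FFFFFF;

    printf(" seqnum %u, type %u, idx %u, records %u",
           EXTRACT_32BITS(sflow_counter_sample->seqnum),
           type,
           index,
           nrecords);

    return sflow_print_counter_records(pointer + sizeof(struct sflow_counter_sample_t),
                                       len - sizeof(struct sflow_counter_sample_t),
                                       nrecords);

trunc:
    return 1;
}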
604
/*
 * Print the fixed part of an expanded counter sample, then its records.
 *
 * pointer - first byte of the sample body
 * len     - number of bytes the caller says are left at pointer
 *
 * Returns 0 on success, 1 when len is smaller than the fixed part, the
 * TCHECK() test fails, or sflow_print_counter_records() reports failure.
 */
static int
sflow_print_expanded_counter_sample(const u_char *pointer, u_int len) {

    const struct sflow_expanded_counter_sample_t *sample =
        (const struct sflow_expanded_counter_sample_t *)pointer;
    u_int nrecords;

    /* Guard the subtraction below: len must cover the fixed part. */
    if (len < sizeof(*sample))
        return 1;

    TCHECK(*sample);

    nrecords = EXTRACT_32BITS(sample->records);

    printf(" seqnum %u, type %u, idx %u, records %u",
           EXTRACT_32BITS(sample->seqnum),
           EXTRACT_32BITS(sample->type),
           EXTRACT_32BITS(sample->index),
           nrecords);

    /* The records start right behind the fixed part. */
    return sflow_print_counter_records(pointer + sizeof(*sample),
                                       len - sizeof(*sample),
                                       nrecords);

trunc:
    return 1;
}
633
/*
 * Print the fixed part of a raw packet flow record.
 *
 * pointer - first byte of the record body
 * len     - number of bytes the caller says are left at pointer
 *
 * Returns 0 after printing, 1 when len is smaller than the fixed part or
 * when the TCHECK() test on the structure fails (trunc path).
 */
static int
print_sflow_raw_packet(const u_char *pointer, u_int len) {

    const struct sflow_expanded_flow_raw_t *raw =
        (const struct sflow_expanded_flow_raw_t *)pointer;
    u_int protocol;

    /* The declared length must cover the whole fixed-size structure. */
    if (len < sizeof(*raw))
        return 1;

    /* Nothing is read from the packet until the structure passes TCHECK(). */
    TCHECK(*raw);

    protocol = EXTRACT_32BITS(raw->protocol);
    printf("\n\t protocol %s (%u), length %u, stripped bytes %u, header_size %u",
           tok2str(sflow_flow_raw_protocol_values,"Unknown",protocol),
           protocol,
           EXTRACT_32BITS(raw->length),
           EXTRACT_32BITS(raw->stripped_bytes),
           EXTRACT_32BITS(raw->header_size));

    /* QUESTION - should we attempt to print the raw header itself?
       assuming of course there is enough data present to do so... */

    return 0;

trunc:
    return 1;
}
659
/*
 * Print the length and type of an Ethernet frame flow record; the MAC
 * address fields are not printed.
 *
 * pointer - first byte of the record body
 * len     - number of bytes the caller says are left at pointer
 *
 * Returns 0 after printing, 1 when len is smaller than the fixed-size
 * record or when the TCHECK() test on the structure fails (trunc path).
 */
static int
print_sflow_ethernet_frame(const u_char *pointer, u_int len) {

    const struct sflow_ethernet_frame_t *frame =
        (const struct sflow_ethernet_frame_t *)pointer;

    /* The declared length must cover the whole fixed-size structure. */
    if (len < sizeof(*frame))
        return 1;

    /* Nothing is read from the packet until the structure passes TCHECK(). */
    TCHECK(*frame);

    printf("\n\t frame len %u, type %u",
           EXTRACT_32BITS(frame->length),
           EXTRACT_32BITS(frame->type));

    return 0;

trunc:
    return 1;
}
680
/*
 * Print an extended switch data flow record (VLAN and priority on both
 * sides).
 *
 * pointer - first byte of the record body
 * len     - number of bytes the caller says are left at pointer
 *
 * Returns 0 after printing, 1 when len is smaller than the fixed-size
 * record or when the TCHECK() test on the structure fails (trunc path).
 */
static int
print_sflow_extended_switch_data(const u_char *pointer, u_int len) {

    const struct sflow_extended_switch_data_t *sw =
        (const struct sflow_extended_switch_data_t *)pointer;

    /* The declared length must cover the whole fixed-size structure. */
    if (len < sizeof(*sw))
        return 1;

    /* Nothing is read from the packet until the structure passes TCHECK(). */
    TCHECK(*sw);

    printf("\n\t src vlan %u, src pri %u, dst vlan %u, dst pri %u",
           EXTRACT_32BITS(sw->src_vlan),
           EXTRACT_32BITS(sw->src_pri),
           EXTRACT_32BITS(sw->dst_vlan),
           EXTRACT_32BITS(sw->dst_pri));

    return 0;

trunc:
    return 1;
}
702
/*
 * Walk and print the flow records of one flow sample.
 *
 * pointer - first flow record header
 * len     - number of bytes the caller says are left at pointer
 * records - record count taken from the sample header (packet-supplied)
 *
 * Returns 0 when all records were printed, 1 when a declared length does
 * not fit in what is left, a sub-decoder reports failure, or a TCHECK()
 * test fails (trunc path).
 */
static int
sflow_print_flow_records(const u_char *pointer, u_int len, u_int records) {

    const u_char *cursor = pointer;
    u_int remaining = len;
    u_int left;

    for (left = records; left > 0; left--) {
        const struct sflow_flow_record_t *rec;
        u_int format_word;
        u_int enterprise;
        u_int flow_type;
        u_int flow_len;

        /* do we have the "header?" */
        if (remaining < sizeof(struct sflow_flow_record_t))
            return 1;

        rec = (const struct sflow_flow_record_t *)cursor;
        TCHECK(*rec);

        /* The record type alone is ambiguous: the low 12 bits only mean
           a standard format when the enterprise part above them is 0. */
        format_word = EXTRACT_32BITS(rec->format);
        flow_type = format_word & 0x0FFF;
        enterprise = format_word >> 12;
        flow_len = EXTRACT_32BITS(rec->length);
        printf("\n\t enterprise %u %s (%u) length %u",
               enterprise,
               (enterprise == 0) ? tok2str(sflow_flow_type_values,"Unknown",flow_type) : "Unknown",
               flow_type,
               flow_len);

        /* remaining >= header size was checked above, so this cannot wrap. */
        cursor += sizeof(struct sflow_flow_record_t);
        remaining -= sizeof(struct sflow_flow_record_t);

        /* flow_len is untrusted; it must fit in what is left. */
        if (remaining < flow_len)
            return 1;

        if (enterprise == 0) {
            int failed = 0;

            switch (flow_type) {
            case SFLOW_FLOW_RAW_PACKET:
                failed = print_sflow_raw_packet(cursor, remaining);
                break;
            case SFLOW_FLOW_EXTENDED_SWITCH_DATA:
                failed = print_sflow_extended_switch_data(cursor, remaining);
                break;
            case SFLOW_FLOW_ETHERNET_FRAME:
                failed = print_sflow_ethernet_frame(cursor, remaining);
                break;
            /* FIXME these need a decoder */
            case SFLOW_FLOW_IPV4_DATA:
            case SFLOW_FLOW_IPV6_DATA:
            case SFLOW_FLOW_EXTENDED_ROUTER_DATA:
            case SFLOW_FLOW_EXTENDED_GATEWAY_DATA:
            case SFLOW_FLOW_EXTENDED_USER_DATA:
            case SFLOW_FLOW_EXTENDED_URL_DATA:
            case SFLOW_FLOW_EXTENDED_MPLS_DATA:
            case SFLOW_FLOW_EXTENDED_NAT_DATA:
            case SFLOW_FLOW_EXTENDED_MPLS_TUNNEL:
            case SFLOW_FLOW_EXTENDED_MPLS_VC:
            case SFLOW_FLOW_EXTENDED_MPLS_FEC:
            case SFLOW_FLOW_EXTENDED_MPLS_LVP_FEC:
            case SFLOW_FLOW_EXTENDED_VLAN_TUNNEL:
                break;
            default:
                if (vflag <= 1)
                    print_unknown_data(cursor, "\n\t\t", flow_len);
                break;
            }

            /* Any sub-decoder failure ends the walk. */
            if (failed)
                return 1;
        }

        /* Step over the record body using its declared length. */
        cursor += flow_len;
        remaining -= flow_len;
    }

    return 0;

trunc:
    return 1;
}
791
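/*
 * Print the fixed part of a (compact) flow sample, then its records.
 *
 * pointer - first byte of the sample body
 * len     - number of bytes the caller says are left at pointer
 *
 * Returns 0 on success, 1 when len is smaller than the fixed part, the
 * TCHECK() test fails, or sflow_print_flow_records() reports failure.
 */
static int
sflow_print_flow_sample(const u_char *pointer, u_int len) {

    const struct sflow_flow_sample_t *sflow_flow_sample;
    u_int nrecords;
    u_int typesource;
    u_int type;
    u_int index;

    /* Guard the subtraction below: len must cover the fixed part. */
    if (len < sizeof(struct sflow_flow_sample_t))
        return 1;

    /* Keep the const qualifier, as every other decoder in this file does. */
    sflow_flow_sample = (const struct sflow_flow_sample_t *)pointer;
    TCHECK(*sflow_flow_sample);

    typesource = EXTRACT_32BITS(sflow_flow_sample->typesource);
    nrecords = EXTRACT_32BITS(sflow_flow_sample->records);
    /*
     * sFlow v5 source_id: the top byte is the source type and the lower
     * three bytes are the index, so keep all 24 index bits (a 12-bit mask
     * truncates any index above 4095).
     */
    type = typesource >> 24;
    index = typesource & 0x00FFFFFF;

    printf(" seqnum %u, type %u, idx %u, rate %u, pool %u, drops %u, input %u output %u records %u",
           EXTRACT_32BITS(sflow_flow_sample->seqnum),
           type,
           index,
           EXTRACT_32BITS(sflow_flow_sample->rate),
           EXTRACT_32BITS(sflow_flow_sample->pool),
           EXTRACT_32BITS(sflow_flow_sample->drops),
           EXTRACT_32BITS(sflow_flow_sample->in_interface),
           EXTRACT_32BITS(sflow_flow_sample->out_interface),
           nrecords);

    return sflow_print_flow_records(pointer + sizeof(struct sflow_flow_sample_t),
                                    len - sizeof(struct sflow_flow_sample_t),
                                    nrecords);

trunc:
    return 1;
}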
830
/*
 * Print the fixed part of an expanded flow sample, then its records.
 *
 * pointer - first byte of the sample body
 * len     - number of bytes the caller says are left at pointer
 *
 * Returns 0 on success, 1 when len is smaller than the fixed part, the
 * TCHECK() test fails, or sflow_print_flow_records() reports failure.
 */
static int
sflow_print_expanded_flow_sample(const u_char *pointer, u_int len) {

    const struct sflow_expanded_flow_sample_t *sample =
        (const struct sflow_expanded_flow_sample_t *)pointer;
    u_int nrecords;

    /* Guard the subtraction below: len must cover the fixed part. */
    if (len < sizeof(*sample))
        return 1;

    TCHECK(*sample);

    nrecords = EXTRACT_32BITS(sample->records);

    /* The interface format/value pairs are not printed. */
    printf(" seqnum %u, type %u, idx %u, rate %u, pool %u, drops %u, records %u",
           EXTRACT_32BITS(sample->seqnum),
           EXTRACT_32BITS(sample->type),
           EXTRACT_32BITS(sample->index),
           EXTRACT_32BITS(sample->rate),
           EXTRACT_32BITS(sample->pool),
           EXTRACT_32BITS(sample->drops),
           nrecords);

    /* The records start right behind the fixed part. */
    return sflow_print_flow_records(pointer + sizeof(*sample),
                                    len - sizeof(*sample),
                                    nrecords);

trunc:
    return 1;
}
861
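/*
 * Print an sFlow datagram.
 *
 * pptr - first byte of the sFlow payload
 * len  - payload length as reported by the caller; it is not tied to the
 *        number of captured bytes, which only TCHECK()/TCHECK2() test
 *
 * Only version 5 is decoded. With vflag < 1 a one-line summary is printed;
 * otherwise every sample is walked. Any length that does not fit, and any
 * failed capture-bounds test, ends the output with "[|SFLOW]".
 */
void
sflow_print(const u_char *pptr, u_int len) {

    const struct sflow_datagram_t *sflow_datagram;
    const struct sflow_sample_header *sflow_sample;

    const u_char *tptr;
    u_int tlen;
    u_int32_t sflow_sample_type, sflow_sample_len;
    u_int32_t nsamples;

    tptr = pptr;
    tlen = len;
    sflow_datagram = (const struct sflow_datagram_t *)pptr;
    TCHECK(*sflow_datagram);

    /*
     * Sanity checking of the header.
     */
    if (EXTRACT_32BITS(sflow_datagram->version) != 5) {
        printf("sFlow version %u packet not supported",
               EXTRACT_32BITS(sflow_datagram->version));
        return;
    }

    /*
     * NOTE(review): the agent is always printed as a 4-byte address and any
     * ip_version other than 1 is labelled IPv6; with a 16-byte agent
     * address the fields after it are read from the wrong offsets.
     */
    if (vflag < 1) {
        printf("sFlowv%u, %s agent %s, agent-id %u, length %u",
               EXTRACT_32BITS(sflow_datagram->version),
               EXTRACT_32BITS(sflow_datagram->ip_version) == 1 ? "IPv4" : "IPv6",
               ipaddr_string(sflow_datagram->agent),
               EXTRACT_32BITS(sflow_datagram->agent_id),
               len);
        return;
    }

    /* ok they seem to want to know everything - lets fully decode it */
    nsamples=EXTRACT_32BITS(sflow_datagram->samples);
    printf("sFlowv%u, %s agent %s, agent-id %u, seqnum %u, uptime %u, samples %u, length %u",
           EXTRACT_32BITS(sflow_datagram->version),
           EXTRACT_32BITS(sflow_datagram->ip_version) == 1 ? "IPv4" : "IPv6",
           ipaddr_string(sflow_datagram->agent),
           EXTRACT_32BITS(sflow_datagram->agent_id),
           EXTRACT_32BITS(sflow_datagram->seqnum),
           EXTRACT_32BITS(sflow_datagram->uptime),
           nsamples,
           len);

    /*
     * skip Common header. TCHECK() above only proved the header bytes were
     * captured; len may still be smaller than the header. tlen is unsigned,
     * so subtracting without this test would wrap to a huge value and make
     * every later "tlen < ..." length check pass.
     */
    if (tlen < sizeof(struct sflow_datagram_t))
        goto trunc;
    tptr += sizeof(const struct sflow_datagram_t);
    tlen -= sizeof(const struct sflow_datagram_t);

    while (nsamples > 0 && tlen > 0) {
        /* Check the declared length before interpreting the sample header. */
        if (tlen < sizeof(struct sflow_sample_header))
            goto trunc;

        sflow_sample = (const struct sflow_sample_header *)tptr;
        TCHECK(*sflow_sample);

        sflow_sample_type = (EXTRACT_32BITS(sflow_sample->format)&0x0FFF);
        sflow_sample_len = EXTRACT_32BITS(sflow_sample->len);

        tptr += sizeof(struct sflow_sample_header);
        tlen -= sizeof(struct sflow_sample_header);

        printf("\n\t%s (%u), length %u,",
               tok2str(sflow_format_values, "Unknown", sflow_sample_type),
               sflow_sample_type,
               sflow_sample_len);

        /* basic sanity check */
        if (sflow_sample_type == 0 || sflow_sample_len ==0) {
            return;
        }

        /* The packet-supplied sample length must fit in what is left. */
        if (tlen < sflow_sample_len)
            goto trunc;

        /* did we capture enough for fully decoding the sample ? */
        TCHECK2(*tptr, sflow_sample_len);

        /*
         * Hand each decoder the sample's own length, not everything that is
         * left: sflow_sample_len is the region TCHECK2 just verified, so the
         * record walkers cannot run past this sample into the next one or
         * into bytes that were never checked against the capture.
         */
        switch(sflow_sample_type) {
        case SFLOW_FLOW_SAMPLE:
            if (sflow_print_flow_sample(tptr,sflow_sample_len))
                goto trunc;
            break;

        case SFLOW_COUNTER_SAMPLE:
            if (sflow_print_counter_sample(tptr,sflow_sample_len))
                goto trunc;
            break;

        case SFLOW_EXPANDED_FLOW_SAMPLE:
            if (sflow_print_expanded_flow_sample(tptr,sflow_sample_len))
                goto trunc;
            break;

        case SFLOW_EXPANDED_COUNTER_SAMPLE:
            if (sflow_print_expanded_counter_sample(tptr,sflow_sample_len))
                goto trunc;
            break;

        default:
            if (vflag <= 1)
                print_unknown_data(tptr, "\n\t ", sflow_sample_len);
            break;
        }
        tptr += sflow_sample_len;
        tlen -= sflow_sample_len;
        nsamples--;
    }
    return;

trunc:
    printf("[|SFLOW]");
}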
977
978 /*
979 * Local Variables:
980 * c-style: whitesmith
981 * c-basic-offset: 4
982 * End:
983 */